The security afforded to the data being transmitted between the communicating parties is an important consideration when selecting a communications network. Security here refers to the ease with which an unwanted third party can intercept a communication and render it intelligible. In the most security conscious applications a layered approach is taken to security with encryption applied at multiple points within the network, at multiple layers of the OSI stack. Thus all layers of encryption have to be compromised by the eavesdropper before the message can be recovered. For example information may be encrypted at the SONET/SDH (OSI layer 1) in a transmission network and again at higher layers using techniques such as IPSec (OSI layer 3) or TLS (Transport Layer Security, OSI layer 7). In packet based security schemes the packet source and destination is necessarily visible to allow routing within the network core. This address visibility allows traffic analysis based on packet addresses to take place. This can be used to detect events, such as increased traffic along a route, which may give away information the communicating parties may wish to keep secret. For this reason there is value in implementing lower layer security, even in a network where strong packet based security is present. The present invention provides a technique for adding cost effective protection at the most basic layer of the network. This can be used on its own or in conjunction with security at higher layers within the network.
The first step in the process of eavesdropping is to intercept the communication. In this respect electrical or optical point to point communication offers a degree of physical security in that the cable first has to be accessed. However cable routes are often long and the tapping of electrical or optical cables is not difficult once access is obtained. Signals in the physical layer always have to be regarded as analogue in nature, even if their source is digital. The transmitted signal will be distorted by transmission impairments, such as dispersion, and the recovered signal will always include some amount of noise not present at the transmitter. The ideal is to quickly convert this analogue signal back into the transmitted digital bit stream. Once in the digital domain the signal can be easily stored and subject to cryptanalysis to discover the keys to higher layers of coding. The present invention provides a technique for frustrating the recovery of digital information from the analogue signal present in the cable providing a layer of security not commonly present in networks today. The technique is of particular value in high rate optical transmission, but could also be applied to electrical or optical transmission at any rate.